This one may be familiar Wide receiver and cryptographer walk into a bar and set the data security landscape on its ear No Havent heard that one hmm Since sports analogies abound in all corners of writing try this one on for size blocking and tackling the digital kind The kind that defends sensitive data against bad actors and leaves their best efforts crumpled on the field Who knows blocking and tackling better than Lewis Neal defensive end of the Dallas Cowboys Turns out he has some insight into stopping the opposing team in its tracks in a whole different arena that of data and the protection The interest is not merely academic Neal himself had been hacked while in college and became interested in data security and technology His further pursuits led to him being the first-ever NFL rookie with a patent pending for his own innovations related to 3D image capture Networking is a fortuitous thing When pursuing his patent application Neal encountered Dane Butzer founder of HyperSpace Security a company that leverages a game-changing and now-patented concept that took Butzer decades to develop Neal saw the potential of the idea and joined the company as a member of the Board of Advisors and as an equity member The HyperSpace team is now coming to market with that game-changing idea rendered across APIs and hardware To hear them tell it tokenization the way its being done right now is no winning play in that eternal scrimmage against cyber hackers Butzer and Neal point to a hole in the defensive line tied to master keys which are created whenever encryption is used to mask data or documents The keys are used both to encrypt and decrypt the sensitive payload But what if the bad guys get a hold of those keys All sorts of havoc is in the offing across companies payment systems even blockchain Keep the key untouchable then the end result is enhanced security across any number of avenues HyperSpace is well-keyed to the concept of key management but with a twist call it key shadowing Neal and Butzer told PYMNTS Karen Webster that key shadowing can also be a boon against the looming threat of quantum computing where common crypto efforts are cracked like eggs with lightning speed The overarching theme is one where keys are created and destroyed Amid The Shadows Keys Created Destroyed Reborn Between the alpha and omega along the way a number of steps come into play As Butzer explained to Webster the key that is created serves to protect data or give the go-ahead to a transaction Then a shadow or shadows of the key stretching across 10 or 1 000 or any number of shadows is created across coordinates and the hyperdimensional space Of that potentially massive pool of shadow keys several shadows as many as four are required from authorized parties to regenerate the key after its destruction The regeneration takes place only when an event or resource needs to be occasioned or accessed After regeneration and use the key is destroyed again Beyond the rough mechanics of the process Butzer said key shadowing has its roots in a simple caution one he learned after being hacked 20 years ago falling victim to a scheme that bilked small dollar amounts from his and others bank accounts The hacker who gets into a computer network or payments ecosystem owns all the data harbored and spirited across devices and rails including of course sensitive financial information Now the mantra where the key is key to the data You create the key you use the key you shadow the key and then you destroy the key said Butzer The keyword here he said with a nod toward the intended pun is that the key is never persistently stored as the shadows are dispersed The data Well that can be anything represented as data so often is via computer that is numerically up to 1 million bits spanning information across personal identifiers and credit card activity When asked where the shadow keys can reside Butzer stated they can be harbored on computers or devices and accessed through familiar means such as user passwords and other protections as various stakeholders come together to authorize an event or transaction Want a real-world application Butzer posited a scenario where in setting up a bank account the shadow keys could be dispersed to not only the account holder but the bank and even a CPA and enough parties must work in conjunction to validate a transaction coming into or out of an account across a range of devices from mobile to laptop to desktop The process takes milliseconds and does not impact the user experience said Butzer and there is no way to go from a shadow to a key by itself as the key is never persistently stored This last point is especially important As under the extant model of encrypted data across public and private keys a user who loses a private key cannot authorize new transactions thus the stories of people who have lost access to millions of dollars stored in bitcoins likely rendered forever inaccessible Also noted Butzer it is possible for a bad actor to derive a private key from a public key Sacking Quantum Computing Threats Thats a real danger noted Neal as quantum computing seeks to crack codes in seconds or hours Blockchain thought by many to be bulletproof is surprisingly vulnerable to such attacks That is one reason the government is interested as well said Neal who pointed toward recent meetings with the Federal Reserve and the Department of Homeland Security We are quantum-resistant Butzer and Neal said the meetings are part of the roadmap toward certification a several-month process that will in turn allow HyperSpaces RESTful API and appliances to find entrée at the government level and eye eventual presence in consumer-facing applications As would be germane to payments said Butzer in the payments ecosystem you can take all your payments processing people all your POS people they get a shadow and there is a shadow that goes to a customer Theres a shadow that goes to the bank or the credit card processors they come together and give authorization An old radio serial once asked decades ago Who knows what evil lurks within The shadow knows The question answer seems apropos for the 21st century but we will amend the quote a bit Who knows what evil lurks within an enterprise computer or payments system The key shadowing knows and is a new way to protect your data The threats are real growing and faster than ever and Butzer stated that education even of CISOs and CIOs remains key when it comes to key management Research company Gartner has consistently noted the threat of insider attacks and whoever holds the key to the keys seals the fate of the firm We do not claim to solve every security problem Butzer said of key shadowing as a practice but we solve a whole heck of a lot of them - You Might Also Like API Cybersecurity Dallas Cowboys data security encryption Featured News Hackers HyperSpace Security Key Management key shadowing News tokenization